/apex-crud-fls.txt
Last active Oct 9, 2019
Simple Apex Controller with CRUD and FLS
| This simple controller (without CRUD and FLS) ... | |
| public with sharing class AccountController { | |
| @AuraEnabled | |
| public static List<Account> findAll() { | |
| return [SELECT id, name, Location__Latitude__s, Location__Longitude__s | |
| FROM Account | |
| WHERE Location__Latitude__s != NULL AND Location__Longitude__s != NULL | |
| LIMIT 50]; | |
| } | |
| } | |
| ... should be rewritten like this (With CRUD and FLS): | |
| public with sharing class AccountController { | |
| @AuraEnabled | |
| public static List<Account> getAccounts() { | |
| String [] fields = new String [] { | |
| 'Id', | |
| ’Name', | |
| ’Location__Latitude__s', | |
| ’Location__Longitude__s' | |
| }; | |
| Map<String,Schema.SObjectField> m = Schema.SObjectType.Account.fields.getMap(); | |
| for (String field : fields) { | |
| // Check if user has permission to view field | |
| if (!m.get(field).getDescribe().isAccessible()) { | |
| throw new System.NoAccessException() | |
| return null; | |
| } | |
| } | |
| return [SELECT id, name, Location__Latitude__s, Location__Longitude__s | |
| FROM Account | |
| WHERE Location__Latitude__s != NULL AND Location__Longitude__s != NULL | |
| LIMIT 50]; | |
| } | |
| } |
This comment has been minimized.
This comment has been minimized.
Doudouz-EITECH
commented
Aug 3, 2018
|
+1 |
This comment has been minimized.
This comment has been minimized.
rbenedetti
commented
Oct 9, 2019
|
If the field is accessible, so is the object. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
forcemantis commentedMar 1, 2018
Jeff, Should we also not check Schema.SObjectType.Account.isAccessible() either on line 28 or 39?